Serendipity – The official Serendipity blog

About a month has passed since our last patch release - and here we are again, releasing Serendipity 2.3.5 with some fixes for new as well as longstanding bugs.

We now truncate the file extension of media items to 5 characters - more will not fit in the database anyway, and PostgreSQL really didn't like longer extensions. Sometimes Serendipity didn't show upgrades for your plugins even though Spartacus already had them ready; that's no fun, is it? On the other hand you sometimes could spot some funny characters in the backend entry overview, as Serendipity really meant well and double-encoded special characters; which it doesn't do any longer. And we stopped CK-Edit, our graphical editor, from dropping some HTML elements (<details> and <summary>).

Last but not least we fixed a regression and some longstanding bugs in three bundled plugins: serendipity_plugin_history started throwing database errors when displaying archive pages after our 2.3.3 release, and extended properties from serendipity_event_entryproperties got lost in quite a lot of corner cases (and, for example, when publishing an entry from your backend dashboard) for a really long time. (The latter bug affected several other plugins, too, which were already updated via Spartacus.) Finally serendipity_plugin_comments will now work together nicely with serendipity_event_unstrip_tags (from Spartacus) which will keep HTML tags from comments for your sidebar display.

Just a few days after Serendipity Camp and our last patch release we have to release Serendipity 2.3.4, fixing a security flaw (present on Windows installations only and exploitable only for users with upload rights on the Media library).

Unfortunately, it was possible to upload a malicious file "file" (e.g. a PHP script or other executable content) without a file extension and then rename it afterwards to "file.php" on Windows. Thanks to Junyu Zhang for spotting and reporting this!

As we had to do a patch release anyway, we added some other fixes around Media Library file renaming and improved the display of installable plugins by adding the plugin source (Spartacus, bundled with Serendipity core or local).

As every year since 2015, we'd already booked our rooms at the Linux-Hotel located in Essen (Germany) for our community meeting and developer retreat Serendipity Camp (or sy9camp for short).

We were looking forward to this great event very much, but unfortunately we had to cancel our plans to #flattenthecurve.

Meeting online instead at Essen.

So we decided to have a virtual meeting instead. It's not the same, especially as we were limited to audio only due to bandwith constraints, and we missed the chatter at breakfast and some deep thoughts over a glas (or two) of wine in the evenings, but we got something done nevertheless.

About half a year after our last patch release we present Serendipity 2.3.3, the next bugfix release for our current stable branch.

We made some small changes and fixed some bugs in our Media Library (including a nasty bug where renaming a file using an already existing file name deleted both files). We don't show non-existing (empty) archive pages any longer and don't render the whole page when just some JS should be rendered, speeding things up a bit. Deleting trackbacks from the frontend - when logged in - should now work again, and (last but not least) we updated some bundled plugins: serendipity_event_mailer got some enhancements (you can add an introductory text to the generated mails and send them not just when publishing your entry, but for each change, too), serendipity_plugin_comments won't add spurious whitespace in the middle of words any more, and serendipity_event_bbcode has now (working) support for roman numerals in ordered lists.

Serendipity 2.3.2 is a bugfix and security fix release for our current stable branch.

Two security related bugs were fixed, the pagination feature of templates like Timeline now really works, autologin now works again on MySQL, too, all thumbnails are rotated with the original image, the WYSIWYG editor won't strip some needed elements, and auto-generated mails will now look right on all MTAs.

The first bugfix release for our new stable branch is out: Serendipity 2.3.1, fixing some bugs that crept into the 2.3.0 release as well as some older faults.

Mass delete for the media library is working again, as well as the pagination feature of templates like Timeline that couldn't cope with the "stable archives" sorting order, and the plugin lists in the backend got links to their Spartacus entries (if they are installed from Spartacus, that is).